images/orp/01-keystore.sh +13 −16 Original line number Diff line number Diff line Loading @@ -10,30 +10,27 @@ set -eo pipefail # Create a temporary file for openssl to put random state export RANDFILE="$(mktemp)" ESGF_KEYSTORE_ALIAS="${ESGF_KEYSTORE_ALIAS:-esgf-self}" ESGF_KEYSTORE_FILE="$ESGF_HOME/tomcat/hostcert.p12" KEYSTORE_ALIAS="${ESGF_KEYSTORE_ALIAS:-esgf-self}" KEYSTORE_FILE="$ESGF_HOME/tomcat/hostcert.p12" # Generate a random keystore password for this container run ESGF_KEYSTORE_PASSWORD="$(openssl rand -hex 32)" KEYSTORE_PASSWORD="$(openssl rand -hex 32)" # Create the keystore echo "[info] Creating PKCS12 bundle for host certificate and key" mkdir -p "$(dirname "$ESGF_KEYSTORE_FILE")" openssl pkcs12 -export \ -name "$ESGF_KEYSTORE_ALIAS" \ -out "$ESGF_KEYSTORE_FILE" \ -name "$KEYSTORE_ALIAS" \ -out "$KEYSTORE_FILE" \ -in "$ESGF_HOSTCERT_DIR/tls.crt" \ -inkey "$ESGF_HOSTCERT_DIR/tls.key" \ -password "pass:$ESGF_KEYSTORE_PASSWORD" # Configure the ORP to use it echo "[info] Configuring ORP for PKCS12 bundle" cat <<EOF > "$CATALINA_HOME/webapps/esg-orp/WEB-INF/classes/esg-orp.properties" keystoreFile=$ESGF_KEYSTORE_FILE keystorePassword=$ESGF_KEYSTORE_PASSWORD keystoreAlias=$ESGF_KEYSTORE_ALIAS orp.provider.list=$ESGF_CONFIG_DIR/esgf_known_providers.xml EOF -password "pass:$KEYSTORE_PASSWORD" rm -rf "$RANDFILE" unset RANDFILE # Configure the ORP to use it echo "[info] Configuring ORP to use PKCS12 bundle" CATALINA_EXTRA_OPTS="-Desg.orp.keystore.file=$KEYSTORE_FILE" CATALINA_EXTRA_OPTS="$CATALINA_EXTRA_OPTS -Desg.orp.keystore.alias=$KEYSTORE_ALIAS" CATALINA_EXTRA_OPTS="$CATALINA_EXTRA_OPTS -Desg.orp.keystore.password=$KEYSTORE_PASSWORD" export CATALINA_EXTRA_OPTS
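Review bot: The generated keystore password now travels on process command lines: `-Desg.orp.keystore.password=$KEYSTORE_PASSWORD` is appended to the exported `CATALINA_EXTRA_OPTS`, so it ends up in the JVM's argument list, where it is readable from the process listing and may be recorded by Tomcat's startup logging of command-line arguments; the replaced code wrote it to esg-orp.properties instead. The `openssl pkcs12 -export` call has the same exposure through `-password "pass:$KEYSTORE_PASSWORD"`; `-password "env:KEYSTORE_PASSWORD"` (with the variable exported for that one command) or a `file:` source created under a restrictive umask keeps it off argv. The first assignment, `CATALINA_EXTRA_OPTS="-Desg.orp.keystore.file=$KEYSTORE_FILE"`, also discards any value already supplied by the environment or an earlier init script; starting from `${CATALINA_EXTRA_OPTS:-}` would preserve it. The page does not show whether the `mkdir -p` line survives the change; if it does, it still reads `$ESGF_KEYSTORE_FILE`, which the new code no longer sets.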
images/orp/Dockerfile +2 −1 Original line number Diff line number Diff line Loading @@ -15,6 +15,7 @@ FROM ${ESGF_REPOSITORY_BASE}/tomcat-builder:${ESGF_IMAGES_VERSION} as builder ARG WEBAPP_NAME=esg-orp FROM ${ESGF_REPOSITORY_BASE}/tomcat-runtime:${ESGF_IMAGES_VERSION} # Install custom startup scripts # Install custom config and startup scripts ENV ESGF_HOSTCERT_DIR $ESGF_HOME/hostcert COPY 01-keystore.sh $ESGF_INIT_DIR/ COPY esg-orp.properties $CATALINA_HOME/webapps/esg-orp/WEB-INF/classes/
images/orp/esg-orp.properties 0 → 100644 +5 −0 Original line number Diff line number Diff line keystoreFile=${esg.orp.keystore.file} keystorePassword=${esg.orp.keystore.password} keystoreAlias=${esg.orp.keystore.alias} orp.provider.list=/esg/config/esgf_known_providers.xml
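Review bot: `orp.provider.list=/esg/config/esgf_known_providers.xml` hard-codes a path that the heredoc this file replaces built from `$ESGF_CONFIG_DIR`, so a deployment that overrides that variable would silently point the ORP at a different provider list than before; it could be fed through a system-property placeholder in the same way as the three keystore entries. The `${esg.orp.keystore.*}` placeholders resolve only when 01-keystore.sh has exported the matching `-D` options, and whether the ORP refuses to start on an unresolved placeholder is not visible here. A header comment would make the dependency explicit, for example `# keystore* values come from -Desg.orp.keystore.* JVM options set by 01-keystore.sh`.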
images/tomcat-runtime/setenv.sh +3 −1 Original line number Diff line number Diff line Loading @@ -5,4 +5,6 @@ JAVA_MAX_HEAP_MB="${JAVA_MAX_HEAP_MB:-2048}" # By default, set the initial allocation to 50% of the max JAVA_INITIAL_HEAP_MB="${JAVA_INITIAL_HEAP_MB:-$(($JAVA_MAX_HEAP_MB / 2))}" export CATALINA_OPTS="-Xmx${JAVA_MAX_HEAP_MB}m -server -Xms${JAVA_INITIAL_HEAP_MB}m -XX:MaxPermSize=512m -Desg.home=$ESGF_HOME" CATALINA_OPTS="-Xmx${JAVA_MAX_HEAP_MB}m -server -Xms${JAVA_INITIAL_HEAP_MB}m -XX:MaxPermSize=512m" CATALINA_OPTS="$CATALINA_OPTS -Desg.home=$ESGF_HOME $CATALINA_EXTRA_OPTS" export CATALINA_OPTS
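Review bot: `$CATALINA_EXTRA_OPTS` is spliced into `CATALINA_OPTS` with no comment on who sets it, and in this commit the ORP init script uses it to carry the keystore password, so anything that prints or logs `CATALINA_OPTS` now discloses that secret. The splice also works only if the init scripts have exported the variable before setenv.sh is read, which the page does not show. I would add `# CATALINA_EXTRA_OPTS: extra JVM options exported by init scripts; may be unset and may contain secrets` above the assignment and write the expansion as `${CATALINA_EXTRA_OPTS:-}` so the file stays valid if `set -u` is ever enabled.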